Microsoft Warns of Hoax E-mail

Microsoft Corp. warned customers that a hoax e-mail is circulating. Although no damage was found, Microsoft urges caution to anyone who receives this message.

The message claims to contain a Windows 95/98 Y2K update, and reads:

Dear registered Microsoft customer, we have compiled a program to test and fix the issues related to the year 2000 change. Attached is a LANCHECK (R) file to execute on your Windows 95/98 operating system. Please send any questions or comments to the Microsoft Y2K team at www.microsoft.com\Y2K.
Sincerely,
Tom Chandler
SVP, Y2K Taskforce
Microsoft Corp.

Company officials said that no one named Tom Chandler works at Microsoft.

Microsoft Security believes that this should be treated as a serious issue. Although the e-mail that Microsoft inspected did not appear to perform any malicious actions, there could be multiple versions available, or the payload could be modified to be malicious.

In a statement, Microsoft said it will never distribute software via e-mail. Instead, updates and security patches are provided on Microsoft's Year 2000 Web site (located at www.microsoft.com/y2k and www.microsoft.com/security, respectively) or on a CD- ROM, such as the Year 2000 Resource CD.

When Microsoft sends e-mail messages to its customers regarding Y2K updates or security patches, it is merely to inform them that they are available and the e-mail will only provide links to the Microsoft download sites. Microsoft never attaches the software itself to the e-mail. -- Thomas Sullivan